diff options
author | Peer Beckmann <[email protected]> | 2017-04-03 23:16:32 +0200 |
---|---|---|
committer | Matt Holt <[email protected]> | 2017-04-03 15:16:31 -0600 |
commit | c0ce2b1d50b7ed78199776ea791a999500d3e863 (patch) | |
tree | c3364016bc6339b9da3be22b0c4e524775416b0e | |
parent | 59bf71c2932c3b814a6a1211c492a1aa9f71d4a1 (diff) | |
download | caddy-c0ce2b1d50b7ed78199776ea791a999500d3e863.tar.gz caddy-c0ce2b1d50b7ed78199776ea791a999500d3e863.zip |
proxy: Respect insecure_skip_verify for health check (#1558)
* Respect the 'insecure_skip_verify' for the health check.
* WIP: Trying to add a test. Non functional.
* Fixing tests.
* Creating better error messages.
* Optimize two more error messages.
* Move the tests into an extra function.
-rw-r--r-- | caddyhttp/proxy/upstream.go | 5 | ||||
-rw-r--r-- | caddyhttp/proxy/upstream_test.go | 38 |
2 files changed, 42 insertions, 1 deletions
diff --git a/caddyhttp/proxy/upstream.go b/caddyhttp/proxy/upstream.go index 303f986c4..4995a48f2 100644 --- a/caddyhttp/proxy/upstream.go +++ b/caddyhttp/proxy/upstream.go @@ -13,6 +13,8 @@ import ( "sync/atomic" "time" + "crypto/tls" + "github.com/mholt/caddy/caddyfile" "github.com/mholt/caddy/caddyhttp/httpserver" ) @@ -112,6 +114,9 @@ func NewStaticUpstreams(c caddyfile.Dispenser) ([]Upstream, error) { if upstream.HealthCheck.Path != "" { upstream.HealthCheck.Client = http.Client{ Timeout: upstream.HealthCheck.Timeout, + Transport: &http.Transport{ + TLSClientConfig: &tls.Config{InsecureSkipVerify: upstream.insecureSkipVerify}, + }, } upstream.wg.Add(1) go func() { diff --git a/caddyhttp/proxy/upstream_test.go b/caddyhttp/proxy/upstream_test.go index d84c366e5..b581cca66 100644 --- a/caddyhttp/proxy/upstream_test.go +++ b/caddyhttp/proxy/upstream_test.go @@ -279,7 +279,7 @@ func TestParseBlock(t *testing.T) { for i, test := range tests { upstreams, err := NewStaticUpstreams(caddyfile.NewDispenser("Testfile", strings.NewReader(test.config))) if err != nil { - t.Error("Expected no error. Got:", err.Error()) + t.Errorf("Expected no error. Got: %s", err.Error()) } for _, upstream := range upstreams { headers := upstream.Select(r).UpstreamHeaders @@ -298,3 +298,39 @@ func TestParseBlock(t *testing.T) { } } } + +func TestHealthSetUp(t *testing.T) { + // tests for insecure skip verify + isv_tests := []struct { + config string + flag bool + }{ + // Test #1: without flag + {"proxy / localhost:8080 {\n health_check / \n}", false}, + + // Test #2: with flag + {"proxy / localhost:8080 {\n health_check / \n insecure_skip_verify \n}", true}, + } + + for i, test := range isv_tests { + upstreams, err := NewStaticUpstreams(caddyfile.NewDispenser("Testfile", strings.NewReader(test.config))) + if err != nil { + t.Errorf("Expected no error. Got: %s", err.Error()) + } + for _, upstream := range upstreams { + staticUpstream, ok := upstream.(*staticUpstream) + if !ok { + t.Errorf("type mismatch: %#v", upstream) + continue + } + transport, ok := staticUpstream.HealthCheck.Client.Transport.(*http.Transport) + if !ok { + t.Errorf("type mismatch: %#v", staticUpstream.HealthCheck.Client.Transport) + continue + } + if test.flag != transport.TLSClientConfig.InsecureSkipVerify { + t.Errorf("test %d: expected transport.TLSClientCnfig.InsecureSkipVerify=%v, got %v", i, test.flag, transport.TLSClientConfig.InsecureSkipVerify) + } + } + } +} |